<?php require_once '../yubiphpbase/appinclude.php';
require_once '../yubiphpbase/yubi_lib.php';

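// Second login step: the browser posts the PIN for the YubiKey that an earlier
// step bound to this session, and a correct PIN completes the login.
$pin = getHttpVal('pin', '');
// devid comes from the request. verifyPin() does not authenticate it (the
// lookup there uses $_SESSION['keyid']), so treat it as untrusted display data
// unless getHttpVal() already filters it.
$devId = getHttpVal('devid', '');
// Server-side length gate; the browser check in submitPin() is advisory only
// and is skipped by any client that posts the form directly.
if (strlen($pin) >= PW_MIN) {
	if (verifyPin($devId, $pin)) {
		// NOTE(review): the device id written to the history is the posted
		// value, not the key id that was actually verified - confirm addHist()
		// escapes it, or record $_SESSION['keyid'] instead.
		// NOTE(review): consider session_regenerate_id(true) at this privilege
		// change if the session layer in appinclude.php allows it.
		addHist($_SESSION['usrid'], 'Yubikey '.$devId.' login OK');
		header('Location: index.php');
		exit;
	} else {
		// Leave a trace of the failed attempt so repeated guessing is visible
		// in the log; neither the submitted PIN nor the posted devid is logged.
		writeLog('Yubikey PIN verification failed');
		alert('Failed to verify the password, your account will be disabled if the password is wrong several times.');
		// TODO: disable the key after excessive password failures.
		// Until this exists the message above is not enforced and guesses are
		// unlimited. Keep the counter server-side, keyed by the key id, not in
		// the session or a cookie.
	}
}

include 'head.htm';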
?>

<script>
/**
 * Trim the PIN field and submit the "askpin" form when the length looks sane.
 *
 * This is a usability check only. The 4..17 bounds are hard-coded here and are
 * not derived from the server's PW_MIN / PW_MAX, so the server must keep
 * enforcing its own limits (TODO confirm the two ranges agree).
 */
function submitPin() {
	var pinForm = document.askpin;
	var pinField = pinForm.pin;

	// Whitespace is stripped in the field itself, so the trimmed value is what gets posted.
	pinField.value = trimString(pinField.value);

	var pinLength = pinField.value.length;
	var lengthOk = pinLength >= 4 && pinLength <= 17;
	if (!lengthOk) {
		alert("Enter your Yubikey password");
		return;
	}

	pinForm.submit();
}
</script>

<title>Enter password to log in to Yubikey management console</title>

<body onload="clearInput('pin');focusInput();">

<center>
<img src=images/trust_the_net.jpg >
<br><br>

<div align=center id="R" style="width:820px;background:#9ACD32;">
<form method=post action=yubi_askpin.php name=askpin id=askpin autocomplete=off>
<table width=90% border=0>
<tr>
<td align=right>
<span class="headerText">Enter Your Password Here:</span>
</td>
<td align=center>
<input name=pin id=pin size=50 maxlength=<?php echo PW_MAX;?> type=password>
</td>
<td align=left>
<input type=button class=buttonLink value="Log Me In" onClick="submitPin()">
</td>
</tr>
</table>

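<input name=devid type=hidden value="<?php /* devid is request-supplied: escape it for the quoted attribute so it cannot close the value and inject markup */ echo htmlspecialchars((string)$devId, ENT_QUOTES, 'UTF-8'); ?>">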
</form>

</div>

<br><p>
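<font color=#666666>Your YubiKey ID is: <?php /* devid is request-supplied: HTML-escape before reflecting it into the page */ echo htmlspecialchars((string)$devId, ENT_QUOTES, 'UTF-8'); ?> (modhex)
,
<?php /* derived from the same request value, so escape it as well */ echo htmlspecialchars((string)modhexToB64($devId), ENT_QUOTES, 'UTF-8'); ?> (base64)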
</font>

<?php
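/**
 * Check a submitted PIN against the one stored for the key bound to the session.
 *
 * The admin row is selected by $_SESSION['keyid'], not by $devid. On a match
 * the row's id is stored in $_SESSION['usrid'].
 *
 * @param string $devid Device id from the request; not used for the lookup.
 * @param string $pin   PIN as submitted by the user.
 * @return bool True only when the decrypted stored PIN is identical to $pin.
 */
function verifyPin($devid, $pin) {
	// keyid is concatenated into the statement unquoted, so accept nothing but
	// plain digits (assumes admin.keyid is a non-negative integer column -
	// TODO confirm). A missing or malformed value never reaches the database.
	$keyid = isset($_SESSION['keyid']) ? (string)$_SESSION['keyid'] : '';
	if (!ctype_digit($keyid)) {
		return false;
	}

	$stmt = 'SELECT id, pin FROM admin WHERE keyid='.$keyid;
	writeLog($stmt);
	$r = query($stmt);
	if (!$r) {
		return false;
	}

	$row = mysql_fetch_assoc($r);
	mysql_free_result($r);
	if (!$row) {
		// No admin row for this key: fail closed instead of indexing into false.
		return false;
	}

	// NOTE(review): the PIN is stored reversibly (aesDecrypt). A one-way hash
	// checked with password_verify() would avoid holding recoverable PINs, but
	// needs a schema and data migration outside this function.
	$p = aesDecrypt($row['pin']);
	$pin = (string)$pin;
	if (!is_string($p) || $p === '') {
		// Decryption failure or an empty stored PIN must never authenticate.
		return false;
	}

	// Strict, type-safe comparison: loose == treats numeric-looking strings as
	// numbers, so different digit strings could compare equal. Use the
	// constant-time helper where the runtime provides it.
	$match = function_exists('hash_equals') ? hash_equals($p, $pin) : ($p === $pin);
	if ($match) {
		$_SESSION['usrid'] = $row['id'];
		return true;
	}
	return false;
}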
?>
